[Image via alanderekutley]
South Carolina’s Election Commission has sought and received an attorney general’s opinion clearing the way for the state to keep cybersecurity details about its election system secret. The Post and Courier’s Palmetto Politics has more:
Amid intensified focus on election cybersecurity, South Carolina’s top government lawyers have advised the state’s election agency that it does not need to publicly release documents about how it is protecting voting systems.
Citing a “significant increase” in open records requests about cybersecurity, State Election Commission Director Marci Andino requested an opinion from Attorney General Alan Wilson’s office about whether cybersecurity matters fall under an exception to the law that excludes information relating to “security plans and devices.”
Assistant Attorney General Matthew Houck responded in an opinion that a court likely would find that the security plans exemption would apply to cybersecurity infrastructure, allowing the agency to withhold documents about the state’s protection systems.
However, Houck added that the agency’s spending amounts for the implementation of any cybersecurity plans or devices would still be subject to public release. Attorney general opinions are advisory and not binding in court.
Election cybersecurity has come under significant scrutiny this year after the intelligence community concluded that Russia sought to interfere in the 2016 U.S. elections.
The Department of Homeland Security has told election officials in 21 states that hackers targeted their systems before the 2016 election. South Carolina was not included on that list.
Asked about the opinion at a Statehouse hearing Tuesday, Andino said the agency has received requests for information about cybersecurity from both inside and outside the state.
“We want to make sure we’re not providing documents that we should be protecting,” Andino said.
Andino noted that voting booths are not connected to any network. But the agency is concerned about protecting voter registration databases from hacking attempts, she said.
While Andino said there has been some discussion about federal grants for states to update their systems, nothing has come in yet. In the meantime, the agency is working to bolster protections with their own resources.
“We’re taking steps to enhance every aspect of the election infrastructure,” she said.
This is likely to be an interesting – and challenging – issue for states and localities going forward. Typically, the watchword for election offices is transparency, but that can be a problem when such a policy can, in essence, leave doors unlocked for a mischievous or malicious actor. Finding the balance between assuring the public that elections are secure – and keeping bad actors in the dark as to how – will be a topic to watch for the foreseeable future. Stay tuned …